US Lawyer Database

843-966-9603

Menu
Claim your profile

For Lawyer-Seekers

YOU DESERVE THE BEST LAWYER

Claim your profile

For Lawyer-Seekers

Menu

843-966-9603

US Law

Home » US Law » 2022 Code of Alabama » Title 8 - Commercial Law and Consumer Protection. » Chapter 38 - Data Breach Notification Act of 2018.

US Law

Section 8-38-1 – Short Title.

Section 8-38-1 Short title. This chapter may be cited and shall be known as the Alabama Data Breach Notification Act of 2018. (Act 2018-396, §1.)

Section 8-38-10 – Disposal of Records Containing Sensitive Personally Identifying Information.

Section 8-38-10 Disposal of records containing sensitive personally identifying information. A covered entity or third-party agent shall take reasonable measures to dispose, or arrange for the disposal, of records containing sensitive personally identifying information within its custody or control when the records are no longer to be retained pursuant to applicable law, regulations, or business […]

Section 8-38-11 – Exemptions – Federal.

Section 8-38-11 Exemptions – Federal. An entity subject to or regulated by federal laws, rules, regulations, procedures, or guidance on data breach notification established or enforced by the federal government is exempt from this chapter as long as the entity does all of the following: (1) Maintains procedures pursuant to those laws, rules, regulations, procedures, […]

Section 8-38-12 – Exemptions – State.

Section 8-38-12 Exemptions – State. An entity subject to or regulated by state laws, rules, regulations, procedures, or guidance on data breach notification that are established or enforced by state government, and are at least as thorough as the notice requirements provided by this chapter, is exempt from this chapter so long as the entity […]

Section 8-38-2 – Definitions.

Section 8-38-2 Definitions. For the purposes of this chapter, the following terms have the following meanings: (1) BREACH OF SECURITY or BREACH. The unauthorized acquisition of data in electronic form containing sensitive personally identifying information. Acquisition occurring over a period of time committed by the same entity constitutes one breach. The term does not include […]

Section 8-38-3 – Reasonable Security Measures; Assessment.

Section 8-38-3 Reasonable security measures; assessment. (a) Each covered entity and third-party agent shall implement and maintain reasonable security measures to protect sensitive personally identifying information against a breach of security. (b) Reasonable security measures means security measures practicable for the covered entity subject to subsection (c), to implement and maintain, including consideration of all […]

Section 8-38-4 – Investigation of Security Breach.

Section 8-38-4 Investigation of security breach. (a) If a covered entity determines that a breach of security has or may have occurred in relation to sensitive personally identifying information that is accessed, acquired, maintained, stored, utilized, or communicated by, or on behalf of, the covered entity, the covered entity shall conduct a good faith and […]

Section 8-38-5 – Notice of Security Breach – Individuals Affected.

Section 8-38-5 Notice of security breach – Individuals affected. (a) A covered entity that is not a third-party agent that determines under Section 8-38-4 that, as a result of a breach of security, sensitive personally identifying information has been acquired or is reasonably believed to have been acquired by an unauthorized person, and is reasonably […]

Section 8-38-6 – Notice of Security Breach – Attorney General.

Section 8-38-6 Notice of security breach – Attorney General. (a) If the number of individuals a covered entity is required to notify under Section 8-38-5 exceeds 1,000, the entity shall provide written notice of the breach to the Attorney General as expeditiously as possible and without unreasonable delay. Except as provided in subsection (c) of […]

Section 8-38-7 – Notice of Security Breach – Consumer Reporting Agencies.

Section 8-38-7 Notice of security breach – Consumer reporting agencies. If a covered entity discovers circumstances requiring notice under Section 8-38-5 of more than 1,000 individuals at a single time, the entity shall also notify, without unreasonable delay, all consumer reporting agencies that compile and maintain files on consumers on a nationwide basis, as defined […]

Section 8-38-8 – Notice of Security Breach – Covered Entity.

Section 8-38-8 Notice of security breach – Covered entity. In the event a third-party agent has experienced a breach of security in the system maintained by the agent, the agent shall notify the covered entity of the breach of security as expeditiously as possible and without unreasonable delay, but no later than 10 days following […]

Section 8-38-9 – Violations of Notification Requirements.

Section 8-38-9 Violations of notification requirements. (a) A violation of the notification provisions of this chapter is an unlawful trade practice under the Alabama Deceptive Trade Practices Act, Chapter 19 of this title, but does not constitute a criminal offense under Section 8-19-12. The Attorney General shall have the exclusive authority to bring an action […]